unbeatencoder / hflow Goto Github PK
View Code? Open in Web Editor NEWThis project forked from honeynet/hflow
License: GNU General Public License v2.0
hflow's Introduction
-----
Hflow2
What is this?
This is the next genertion for hflow, there where several objectives behind it:
-- Higher troughput
-- Better directionality detectio
-- Lower runtime dependenciers
-- Lower latency with DB
To achieve this a modular architecture was designed.
The architecture can be tought as a packet processing language and can be used
without hflow, in fact it hflow2 became a subproject of the packet language.
How we do this?
What do I need?
-----------
FAQ
--I see a patch file.. what is this?
In order to use snort, snort must be compuliled with a special patch
to apply go to the snort directory and:
>>patch -p0 < spo_unified.c.patch
------
Small FAQ
-What is this?
yet another flow tool, but with three objectives in mind:
simplicity, modularity and a new definition of flow
-New definition of netflow, please stop waisting my time?
Not really the definition of netwflow used in this tool
includes not only the true 'in band' packets of a bidirectional
flow, but also those icmp messages that are generated by the end host.
icmp messages that are related to a flow but are generated by intermediate routers
affect the icmp packet count of the flow, but also create a new flow.
The approach is to try to capture the causality of the flows, but also to
convey as much information as possible.
-Ok why not use argus then?
There are two probles with argus:
a. The code complexity is enormous, as it tries to capture a great deal of information.
what I try to do is similar but I am only dealing with ipv4 flows and i dont care
much about performance metrics. (still they can be calculated).
Just to make a quick comparison this program has (including client side) 2189 lines of code
argus has:25014 lines of code (just argus and common code '.c' files,argus 3.0.0rc17).
b. due to the code complexity I have found errors on both argus 2.x and 3.x
2.x (problems with bad direction (try a tcp syn/ack scan))
3.x (problems with traceroute with icmp (tested on 3.0.0.rc14)
is this done yet?
no, much more is needed for this to be done, but we are getting closer!
This an early version of the pcap language stuff
a simple block of the form:
------- -------------- ----------
|Input| ----> | Flow_Maker | --> |pcap out|
------- -------------- ----------
|
V
------------------------
|Flow Database inserter|
------------------------
|
V
----------
| Mysqld |
----------
hflow's People
Watchers
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.